http://www.microsoft.com/security/portal/Entry.aspx?name=TrojanSpy%3aWin32%2fBancos.gen!A

但按照它的提示，在硬盘里又搜索不到那个 explori.exe 文件。注册表里也没有。

Also Known As:
Win-Trojan/Bancos.479720 (AhnLab)
Win32/Bancos.IVV (CA)
Trojan-Spy.Win32.Bancos.apq (Kaspersky)
Spy-Agent.cj.gen.h (McAfee)
W32/Banker.CDRQ (Norman)
Mal/Emogen-T (Sophos)
Trojan.Banker.Delf (Sunbelt Software)
Infostealer.Bancos (Symantec)
TSPY_BANKER.YY (Trend Micro)
Summary
TrojanSpy:Win32/Bancos.gen!A is a password stealing trojan, that targets specific online banking web sites. Captured credentials may be sent via SMTP e-mail to a specified e-mail address.
Symptoms
System Changes
The following system changes may indicate the presence of Trojan:Win32/Bancos.gen!A:

*
Presence of the file <system folder>\explori.exe
*
Presence of this registry value and data:
Adds value: "explorer"
With data: "<system folder>\explori.exe"
To subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run